We had a problem last week which was an ISP problem in the end. While troubleshooting we opened the server for relay and gave access permissions to any IP address.
After the problem was fixed we all setting were put back as they were before the problem.
SMTP virtual server connection control has only postini listed (we use postini).
No relay permissions, clients only use exchange from the internal netwrok through outlook or owa.
Today I've realized the queue was filled with thousands of messages and lots of connections for many different domains.
Anonymous access is checked under access control, but as far as I know that doesnt mean the server will be an open relay but will only accet email with local mailboxes as it's destination.
I tried deleting the messages but they tyhey keep filling the queue.
I can't tell where are coming from when opening the messages from the queue. Just the "spoofed" sender but no IP address.
I will really appreciate any help.